AAPL Stock: 130.28 ( -1.5 )

Printed from

Safari 5.0.1, 4.1.1 security fixes include AutoFill patch

updated 11:45 am EDT, Wed July 28, 2010

Closes major security hole

The Safari 5.0.1 update -- and the corresponding v4.1.1 update for Tiger -- finally fix a serious AutoFill vulnerability, an Apple security note reveals. Using a carefully-crafted site and JavaScript, vulnerable versions of Safari can be tricked into entering and sending personal information without consent. Knowledge of the threat has allegedly been in the public domain for about a year, but until now not dealt with by Apple.

The upgrades also solve a problem with RSS feeds, which could be used to trigger uploads to a remote server. All other security improvements are directed at the WebKit engine, which could potentially be exploited through holes in handling of JavaScript, expressions, SVG files, CSS counters and other elements.

The Safari 4.1.1 update applies only to Mac OS X 10.4.11, and is a 29.53MB download.

by MacNN Staff





  1. testudo

    Joined: Dec 1969


    I wonder

    Gee, do you think this autofill issue was fixed because the guy made it public, or it took them this long to actually address the issue (which has actually been around for a while in various forms)?

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Notti smart lamp from Witti

Perhaps you've already seen our review of the Dotti LED display from Witti Design. Meet Notti, Dotti's "sibling". Notti is a softb ...

Seagate Personal Cloud (2-Bay)

When it comes to backing up files, many users are now looking to the myriad of cloud storage solutions available. There is no doubt th ...

Leitz Icon Label Printer

When you say the words "label printer" to people, they either just really don't care, or they get incredibly excited. This is one o ...


Most Commented